0% completed

All LessonsFree Lessons (7)

Introduction

Introduction to the Course Who This Course Is For?Formatting Errata and Additional Content

Understanding The Browser

Browser Basics What Does a Browser Do?Vendors A Browser for Developers Quiz Yourself on Browsers

HTTP

Introduction to HTTP How HTTP Works Mechanics: HTTP vs HTTPS vs H2 Mechanics: Encryption HTTPS Everywhere GET vs POST Quiz Yourself on HTTP

Protection through HTTP Headers

HTTP Strict Transport Security HTTP Public Key Pinning Expect-CT X-Frame-Options Content-Security-Policy X-XSS-Protection Feature-Policy X-Content-Type-Options Cross Origin Resource Sharing X-Permitted-Cross-Domain-Policies & Referrer-Policy The reporting API Quiz Yourself on HTTP Headers

HTTP Cookies

Introduction HTTP Cookies

What's Behind a Cookie?

Session and Persistent Cookies

Encrypt it Or Forget it

JavaScript Can't Touch This

SameSite: The CSRF Killer

Conclusion: What Would LeBron Do?

Quiz Yourself on HTTP Cookies

Situationals

Introduction to Situationals Denylisting vs. Allowlisting Logging Secrets Never Trust The Client Generating Session IDs Querying Your Database While Avoiding SQL Injections Dependencies With Known Vulnerabilities Have I Been Pwned?Session Invalidation in a Stateless Architecture My CDN Was Compromised!The Slow Death of EV Certificates Paranoid Mode: On Low-priority and Delegated Domains OWASP Hold The Door Quiz Yourself on Situationals

DDoS Attacks

Introduction to DDoS Anatomy of a DDoS Why Would Anyone Bomb Me?Notable DDoS Attacks Don't Panic: Some Services to The Rescue!Hackers Welcome Quiz Yourself on DDoS Attacks

Bug Bounty Programs

Introduction to Bug Bounty Programs What's in a Program?Security.txt HackerOne Dealing With Researchers Malicious Reporters Quiz Yourself on Bug Bounty Programs

Conclusion

This Is The End In the Works A Few Thank Yous

Web Application Security for the Everyday Software Engineer/

...

/

Alternatives

Alternatives

In this lesson, we'll study the alternatives to cookies.

We'll cover the following...

- localStorage
- JWT

Reading all of this material about cookies and security you might be tempted to say, “I really want to stay away from cookies!”. The reality is that, as of now, cookies are your best bet if you want to implement some sort of session mechanism over HTTP. Every now and ...